Risk and Reward: Enterprise Risk Management Technology

Enterprise risk management is as much about a bank's culture as it is about specific technology deployments.

Taking Bites Out of ERM

While some banks have taken the big-bang approach to ERM, most will tackle the project in phases, according to Fiserv's Garcia. "There's going to be a lot of process transformation that will need to occur -- automation of processes," she says. "Those are specific bite-size chunks that may look very different from one institution to the next."

Technologies common to successful ERM implementations, BearingPoint's Vishnu says, include a flexible data warehouse and specific analytic tools that are user-friendly. But, he stresses, while technology is important, it is just one component of an overall risk management strategy. "Technology doesn't get leveraged in isolation," Vishnu adds.

"Risk management is a highly IT-oriented framework that needs stability and design in an ever-changing environment," Banca Intesa's Sironi explains. "The risk architecture is not an IT process but an analytical one that requires structure and flexibility to support a long-term vision."

As with any major change, ERM comes with hurdles that stand in the way of the transformation. "Cultural hurdles are the No. 1 concern," Fiserv's Garcia says. "ERM is going to require significant change. No longer will it be managed in business silos; it will be managed at the enterprise level, and that will require new people and new ways of thinking. It's also going to require substantial investments in technology, and that's not always an easy thing for an organization to digest. Bite-sized things will be tackled on a case-by-case basis."

The Bank of New York is among the financial institutions that are well on their way to achieving ERM, relates the bank's Nedzi, who oversees the financial institution's credit portfolio management division and Basel II compliance efforts. "We have the systems and governance framework covering the various risk silos in place, and the next step is trying to identify and model the correlation that exists across those silos of risk," he describes.

The bank has implemented two primary technology platforms for its Basel II compliance effort, Nedzi says. It worked with Algorithmics to develop a credit rating system and with BearingPoint to create a credit risk data warehouse. "We're probably ahead of the game relative to others," Nedzi asserts. "A distinct advantage to what we've had is that our recent acquisitions have been largely product-line acquisitions, which have not required significant integration of risk management technology platforms," he notes.

"The hardest part of everything you do in risk management is demonstrating the benefits," Nedzi continues. "Looking back and testing the benefits is one of the constant challenges we have."

While there are no direct metrics to measure the success of ERM, banks that have effective and integrated risk management will be more operationally efficient, leading to an improved cost-to-income ratio, and they also should be able to stem the cost of fraud, Fiserv's Garcia contends. "Those are two areas where you can measure success," she says, adding that banks that effectively manage risk should also be able to streamline the number of people who are tapped to manage risk and compliance.